I am struggling to get asana webhook verification to work using JavaScript.
I store the secret and use it to compute the hash but the comparisons are constantly failing.
Any ideas why?
This is the general code I have:
async verify(req) {
const signature = req.headers['x-hook-signature'];
const digest = crypto.hmac(
'sha256',
hook_secret,
req.payload,
);
const segmentSig = Buffer.from(signature, 'base64');
if (crypto.timingSafeEqual(digest, segmentSig)) {
return true;
}
return false;
},